How to create/removal specify custom host without docker run container

[quangnv13]

I need to gen and auto renew ssl certificate for some domains. How to create/removal and force specify custom host without docker run container(not use LETSENCRYPT_HOST env).

[buchdag]

Hi. You can achieve this using the standalone certificates feature.

[quangnv13]

Hi. You can achieve this using the standalone certificates feature.

Oh, thanks for your answer. But sorry but i don't know how to use it.
$ docker run --detach \ --name nginx-proxy-acme \ --volumes-from nginx-proxy \ --volume /var/run/docker.sock:/var/run/docker.sock:ro \ --volume acme:/etc/acme.sh \ --volume /path/to/your/config_file:/app/letsencrypt_user_data:ro \ nginxproxy/acme-companion
What's configuration file(file extension)? Can you explain for configuration file and how to create it.

[buchdag]

Basically you have to create a configuration file that mimic the structure of the internal letsencrypt_data file and mount it inside your container as /app/letsencrypt_user_data.

Let say you want to get a certificate for example.yourdomain.tld

1. Choose a unique identifier for this certificate, let's say certificate_example_yourdomain. This identifier will be repeated on the variables names contained in the user configuration file to let the service bash script know they're to be used together. Letters, numbers and underscore only, no space and no hyphen.
2. Create your config file on your local host, let's say it's is named /home/quangnv13/letsencrypt_user_data. The minimal amount of info it should contain is :

# bash array containing the unique identifier(s) you chose
LETSENCRYPT_STANDALONE_CERTS=('certificate_example_yourdomain')
# bash array containing the domain(s) to be covered by your certificate identified by certificate_example_yourdomain
LETSENCRYPT_certificate_example_yourdomain_HOST=('example.yourdomain.tld')

The comments are obviously just for explanation purpose and not required.

3. Create the acme-companion container with /home/quangnv13/letsencrypt_user_data mounted to /app/letsencrypt_user_data:

$ docker run --detach \
--name nginx-proxy-acme \
--volumes-from nginx-proxy \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
--volume acme:/etc/acme.sh \
--volume /home/quangnv13/letsencrypt_user_data:/app/letsencrypt_user_data:ro \
nginxproxy/acme-companion

And you're done, if example.yourdomain.tld correctly resolve to your host and everything else is correctly configured, you should obtain your certificate and it will be available along the others in /etc/nginx/certs

To understand the unique identifier stuff, let's say you now want to get another multi domain certificate that covers 1.yourdomain.tld and 2.yourdomain.tld.

The minimal configuration inside /home/quangnv13/letsencrypt_user_data will look like this:

# bash array containing the unique identifier(s) you chose
LETSENCRYPT_STANDALONE_CERTS=('certificate_example_yourdomain' 'someuniqueidentifieryouchose')
# bash array containing the domain(s) to be covered by your certificate identified by certificate_example_yourdomain
LETSENCRYPT_certificate_example_yourdomain_HOST=('example.yourdomain.tld')
# bash array containing the domain(s) to be covered by your certificate identified by someuniqueidentifieryouchose
LETSENCRYPT_someuniqueidentifieryouchose_HOST=('1.yourdomain.tld' '2.yourdomain.tld')

The unique identifier can be anything you want, it just has to be unique in the context of this configuration file you're creating and be valid as part of a bash variable name. Again letters, numbers and underscore only.

edit : the file extension does not matter, what matter is that its is mounted as /app/letsencrypt_user_data inside the container and that the content are valid bash variables.

[quangnv13]

Basically you have to create a configuration file that mimic the structure of the internal letsencrypt_data file and mount it inside your container as /app/letsencrypt_user_data.

Let say you want to get a certificate for example.yourdomain.tld

1. Choose a unique identifier for this certificate, let's say `certificate_example_yourdomain`. This identifier will be repeated on the variables names contained in the user configuration file to let the service bash script know they're to be used together. Letters, numbers and underscore only, no space and no hyphen.

2. Create your config file on your local host, let's say it's is named `/home/quangnv13/letsencrypt_user_data`. The minimal amount of info it should contain is :

# bash array containing the unique identifier(s) you chose
LETSENCRYPT_STANDALONE_CERTS=('certificate_example_yourdomain')
# bash array containing the domain(s) to be covered by your certificate identified by certificate_example_yourdomain
LETSENCRYPT_certificate_example_yourdomain_HOST=('example.yourdomain.tld')

The comments are obviously just for explanation purpose and not required.

1. Create the **acme-companion** container with `/home/quangnv13/letsencrypt_user_data` mounted to `/app/letsencrypt_user_data`:

$ docker run --detach \
--name nginx-proxy-acme \
--volumes-from nginx-proxy \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
--volume acme:/etc/acme.sh \
--volume /home/quangnv13/letsencrypt_user_data:/app/letsencrypt_user_data:ro \
nginxproxy/acme-companion

And you're done, if example.yourdomain.tld correctly resolve to your host and everything else is correctly configured, you should obtain your certificate and it will be available along the others in /etc/nginx/certs

To understand the unique identifier stuff, let's say you now want to get another multi domain certificate that covers 1.yourdomain.tld and 2.yourdomain.tld.

The minimal configuration inside /home/quangnv13/letsencrypt_user_data will look like this:

# bash array containing the unique identifier(s) you chose
LETSENCRYPT_STANDALONE_CERTS=('certificate_example_yourdomain' 'someuniqueidentifieryouchose')
# bash array containing the domain(s) to be covered by your certificate identified by certificate_example_yourdomain
LETSENCRYPT_certificate_example_yourdomain_HOST=('example.yourdomain.tld')
# bash array containing the domain(s) to be covered by your certificate identified by someuniqueidentifieryouchose
LETSENCRYPT_someuniqueidentifieryouchose_HOST=('1.yourdomain.tld' '2.yourdomain.tld')

The unique identifier can be anything you want, it just has to be unique in the context of this configuration file you're creating and be valid as part of a bash variable name. Again letters, numbers and underscore only.

edit : the file extension does not matter, what matter is that its is mounted as /app/letsencrypt_user_data inside the container and that the content are valid bash variables.

Now i'm using image: jrcs/letsencrypt-nginx-proxy-companion:2.0.2. If i resetup my container use --volume acme:/etc/acme.sh \ --volume /home/quangnv13/letsencrypt_user_data:/app/letsencrypt_user_data:ro \ is it ok?

[buchdag]

Now i'm using image: jrcs/letsencrypt-nginx-proxy-companion:2.0.2. If i resetup my container use --volume acme:/etc/acme.sh \ --volume /home/quangnv13/letsencrypt_user_data:/app/letsencrypt_user_data:ro \ is it ok?

As I don't know your original setup I have no way to tell 😃

[quangnv13]

Now i'm using image: jrcs/letsencrypt-nginx-proxy-companion:2.0.2. If i resetup my container use --volume acme:/etc/acme.sh \ --volume /home/quangnv13/letsencrypt_user_data:/app/letsencrypt_user_data:ro \ is it ok?

As I don't know your original setup I have no way to tell 😃

version: '3'

services:
  nginx-proxy:
    image: nginx:1.19.9
    container_name: nginx-proxy
    labels:
        com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    restart: always
    ports: 
      - 80:80
      - 443:443
    volumes:
      - ./conf.d:/etc/nginx/conf.d
      - ./vhost.d:/etc/nginx/vhost.d
      - ./html:/usr/share/nginx/html
      - ./certs:/etc/nginx/certs:ro
  
  docker-gen:
    image: jwilder/docker-gen:0.7.0
    container_name: nginx-proxy-gen
    command: -notify-sighup nginx-proxy -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
    labels:
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen"
    depends_on:
      - nginx-proxy
    volumes:
      - ./conf.d:/etc/nginx/conf.d
      - ./vhost.d:/etc/nginx/vhost.d
      - ./html:/usr/share/nginx/html
      - ./certs:/etc/nginx/certs:ro
      - ./nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro

  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion:2.0.2
    container_name: nginx-proxy-les
    depends_on:
      - nginx-proxy
      - docker-gen
    volumes:
      - ./conf.d:/etc/nginx/conf.d
      - ./vhost.d:/etc/nginx/vhost.d
      - ./html:/usr/share/nginx/html
      - ./certs:/etc/nginx/certs:rw
      - /var/run/docker.sock:/var/run/docker.sock:ro

networks:
  default:
    external: 
      name: nginx-proxy

Here is my config! Can you check it?

[quangnv13]

I have letsencrypt_service_data config file like:

LETSENCRYPT_CONTAINERS=(                      
                        '19420333155d'                     
                        '99179a37c995'        
                        '7a21b77c3145'                     
                        '57f08f766dd1'                     
                        '05acfadf3339'                     
                        '6cd2d090fcc6'                 
)                                                          
LETSENCRYPT_19420333155d_HOST=('adminer.quangnguyen.info' )
LETSENCRYPT_19420333155d_KEYSIZE="<no value>" 
LETSENCRYPT_19420333155d_TEST="<no value>"             
LETSENCRYPT_19420333155d_EMAIL="<no value>"                
ACME_19420333155d_CA_URI="<no value>"                  
ACME_19420333155d_PREFERRED_CHAIN="<no value>"             
ACME_19420333155d_EAB_KID="<no value>"                      
ACME_19420333155d_EAB_HMAC_KEY="<no value>"                 
ZEROSSL_19420333155d_API_KEY="<no value>"              
LETSENCRYPT_19420333155d_RESTART_CONTAINER="<no value>"     
LETSENCRYPT_99179a37c995_HOST=('chatbox.quangnguyen.info' )
LETSENCRYPT_99179a37c995_KEYSIZE="<no value>" 
LETSENCRYPT_99179a37c995_TEST="<no value>"             
LETSENCRYPT_99179a37c995_EMAIL="<no value>"                 
ACME_99179a37c995_CA_URI="<no value>"                  
ACME_99179a37c995_PREFERRED_CHAIN="<no value>"              
ACME_99179a37c995_EAB_KID="<no value>"                     
ACME_99179a37c995_EAB_HMAC_KEY="<no value>"                
ZEROSSL_99179a37c995_API_KEY="<no value>"              
LETSENCRYPT_99179a37c995_RESTART_CONTAINER="<no value>"     
LETSENCRYPT_7a21b77c3145_HOST=('cloudcmd.quangnguyen.info' )
LETSENCRYPT_7a21b77c3145_KEYSIZE="<no value>" 
LETSENCRYPT_7a21b77c3145_TEST="<no value>"             
LETSENCRYPT_7a21b77c3145_EMAIL="<no value>"                
ACME_7a21b77c3145_CA_URI="<no value>"                  
ACME_7a21b77c3145_PREFERRED_CHAIN="<no value>"             
ACME_7a21b77c3145_EAB_KID="<no value>"                 
ACME_7a21b77c3145_EAB_HMAC_KEY="<no value>"            
ZEROSSL_7a21b77c3145_API_KEY="<no value>"              
LETSENCRYPT_7a21b77c3145_RESTART_CONTAINER="<no value>"    
LETSENCRYPT_57f08f766dd1_HOST=('monitor.quangnguyen.info' )
LETSENCRYPT_57f08f766dd1_KEYSIZE="<no value>" 
LETSENCRYPT_57f08f766dd1_TEST="<no value>"             
LETSENCRYPT_57f08f766dd1_EMAIL="<no value>"            
ACME_57f08f766dd1_CA_URI="<no value>"                  
ACME_57f08f766dd1_PREFERRED_CHAIN="<no value>"         
ACME_57f08f766dd1_EAB_KID="<no value>"                        
ACME_57f08f766dd1_EAB_HMAC_KEY="<no value>"                   
ZEROSSL_57f08f766dd1_API_KEY="<no value>"              
LETSENCRYPT_57f08f766dd1_RESTART_CONTAINER="<no value>"       
LETSENCRYPT_05acfadf3339_HOST=('ols.quangnguyen.info' )
LETSENCRYPT_05acfadf3339_KEYSIZE="<no value>"